We live in a time of increasing cyber-attacks and security breaches. The Australian Cyber Security Centre (ACSC) received one cybercrime report every 10 minutes over the last 12 months, and malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication.
“While our cyber adversaries are becoming more adept, the likelihood and severity of cyber-attacks is also increasing due to our growing dependence on new information technology platforms and interconnected devices and systems,” the ACSC says.
In its third State of Cyber Resilience Research report, Accenture stated the pandemic is putting a greater strain on existing security systems. “Now, more than ever, cyber security is an increasing challenge for Australian organisations, as the prevalence of sophisticated and insidious cyber-attacks continues to grow.” According to the report, which fielded responses from 373 Australian executives in charge of an organisation’s cyber security from April to May 2019, only 43 per cent of Australian businesses are actively protected by security measures.
According to Prime Minister, Scott Morrison, Australian organisations, including governments and businesses, are currently being targeted by a sophisticated, foreign “state-based” cyber-actor. In response, the Australian Government released Australia’s Cyber Security Strategy 2020 and will invest $1.67 billion over ten years to achieve their vision of creating “a more secure online world for Australians, their business and the essential services which we all depend”.
Service interruptions aside, according to IBM Security’s 2020 edition of the Cost of a Data Breach Report, the average total cost of a data breach in 2020 was priced at $3.35 million —an increase of 9.8 percent year-on-year.
Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments. Though ransom demands may exceed millions of dollars, affected organisations have reported experiencing other substantial financial impacts and data losses associated with recovering from a ransomware incident, regardless of whether they paid the ransom. These additional costs include rebuilding and hardening networks, implementing additional IT security controls, time and money spent on data recovery and absorbing the impact of lost productivity and revenue incurred while offline.
As the number of cyber-attack instances continues to grow, even tech companies are vulnerable. The increased adoption of video conferencing in 2020 led to 500,000 compromised Zoom accounts being sold on the Dark Web and other hacker forums. The data was stolen through a credential stuffing attack, where the hacker attempts to access an account using accounts and information that have been previously compromised in other data breaches.
The ACSC responds to hundreds of cyber security incidents each year. Many of these could have been avoided or substantially mitigated by good cyber security practices.
Despite the increasing frequency of cyber-attacks and the fall-out they induce, certain myths persistently prevail – that an on-premise environment is somehow more secure than the cloud and that all cloud-hosted offerings are equal.
In truth, most organisations are ill-equipped to deal with increasingly sophisticated cyber-attacks in-house and using a third-party Managed Service Provider (MSP) is no guarantee either. Security considerations are a current concern for many organisations, as support for Windows Server 2008 was officially withdrawn early 2020. Users will now pay for security updates under an annual fee structure which applies to a point no later than 2023. If you’re now considering a major server upgrade – either on-premise or via a third-party MSP – then it’s time to investigate alternatives.
When G&C Mutual Bank decided the time was right for an upgrade, several options were investigated. G&C Chief Information Officer, David Chapman said security was a chief concern.
“An assessment of our previous MSP environment resulted in a lot of red flags. In a world of hackers and cyber security, we needed to make a change and moving to Software as a Service (SaaS) has erased all of these issues for us,” he said.
The benefits of SaaS go beyond superior security. Committing to an on-premise or MSP cloud-hosted delivery model means it is difficult to stay on the latest version of the software – or undertaking a complex, costly and error-prone process to upgrade. As Boards are increasingly being asked to sign off IT security and privacy risk assessments, shifting to a highly accredited SaaS platform will significantly and demonstrably reduce the IT security and privacy risk profile.
SaaS delivers operational efficiencies, including automatic upgrades, patch management and compliance obligations. That means less time in-house spent on operational IT support, freeing up resources to be redeployed into other parts of the business.
For Chapman, the benefits are ongoing.
“The implementation has introduced business process automation that wasn’t possible before. The benefits we’ve experienced have come a lot faster than we initially thought and are far more effective than we believed they would be. It’s been a win-win all around,” he said.